Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-53856

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2025-10-15T14:15:48.600

Last Modified

2025-10-21T20:19:02.110

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-705
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	big-ip_access_policy_manager	< 15.1.10.8	Yes
Application	f5	big-ip_advanced_firewall_manager	< 15.1.10.8	Yes
Application	f5	big-ip_advanced_web_application_firewall	< 15.1.10.8	Yes
Application	f5	big-ip_analytics	< 15.1.10.8	Yes
Application	f5	big-ip_application_acceleration_manager	< 15.1.10.8	Yes
Application	f5	big-ip_application_security_manager	< 15.1.10.8	Yes
Application	f5	big-ip_application_visibility_and_reporting	< 15.1.10.8	Yes
Application	f5	big-ip_automation_toolchain	< 15.1.10.8	Yes
Application	f5	big-ip_carrier-grade_nat	< 15.1.10.8	Yes
Application	f5	big-ip_container_ingress_services	< 15.1.10.8	Yes
Application	f5	big-ip_ddos_hybrid_defender	< 15.1.10.8	Yes
Application	f5	big-ip_domain_name_system	< 15.1.10.8	Yes
Application	f5	big-ip_edge_gateway	< 15.1.10.8	Yes
Application	f5	big-ip_fraud_protection_service	< 15.1.10.8	Yes
Application	f5	big-ip_global_traffic_manager	< 15.1.10.8	Yes
Application	f5	big-ip_link_controller	< 15.1.10.8	Yes
Application	f5	big-ip_local_traffic_manager	< 15.1.10.8	Yes
Application	f5	big-ip_policy_enforcement_manager	< 15.1.10.8	Yes
Application	f5	big-ip_ssl_orchestrator	< 15.1.10.8	Yes
Application	f5	big-ip_webaccelerator	< 15.1.10.8	Yes
Application	f5	big-ip_websafe	< 15.1.10.8	Yes
Application	f5	big-ip_access_policy_manager	< 16.1.6.1	Yes
Application	f5	big-ip_advanced_firewall_manager	< 16.1.6.1	Yes
Application	f5	big-ip_advanced_web_application_firewall	< 16.1.6.1	Yes
Application	f5	big-ip_analytics	< 16.1.6.1	Yes
Application	f5	big-ip_application_acceleration_manager	< 16.1.6.1	Yes
Application	f5	big-ip_application_security_manager	< 16.1.6.1	Yes
Application	f5	big-ip_application_visibility_and_reporting	< 16.1.6.1	Yes
Application	f5	big-ip_automation_toolchain	< 16.1.6.1	Yes
Application	f5	big-ip_carrier-grade_nat	< 16.1.6.1	Yes
Application	f5	big-ip_container_ingress_services	< 16.1.6.1	Yes
Application	f5	big-ip_ddos_hybrid_defender	< 16.1.6.1	Yes
Application	f5	big-ip_domain_name_system	< 16.1.6.1	Yes
Application	f5	big-ip_edge_gateway	< 16.1.6.1	Yes
Application	f5	big-ip_fraud_protection_service	< 16.1.6.1	Yes
Application	f5	big-ip_global_traffic_manager	< 16.1.6.1	Yes
Application	f5	big-ip_link_controller	< 16.1.6.1	Yes
Application	f5	big-ip_local_traffic_manager	< 16.1.6.1	Yes
Application	f5	big-ip_policy_enforcement_manager	< 16.1.6.1	Yes
Application	f5	big-ip_ssl_orchestrator	< 16.1.6.1	Yes
Application	f5	big-ip_webaccelerator	< 16.1.6.1	Yes
Application	f5	big-ip_websafe	< 16.1.6.1	Yes
Application	f5	big-ip_access_policy_manager	< 17.1.3	Yes
Application	f5	big-ip_access_policy_manager	≤ 17.5.1	Yes
Application	f5	big-ip_advanced_firewall_manager	< 17.1.3	Yes
Application	f5	big-ip_advanced_firewall_manager	≤ 17.5.1	Yes
Application	f5	big-ip_advanced_web_application_firewall	< 17.1.3	Yes
Application	f5	big-ip_advanced_web_application_firewall	≤ 17.5.1	Yes
Application	f5	big-ip_analytics	< 17.1.3	Yes
Application	f5	big-ip_analytics	≤ 17.5.1	Yes
Application	f5	big-ip_application_acceleration_manager	< 17.1.3	Yes
Application	f5	big-ip_application_acceleration_manager	≤ 17.5.1	Yes
Application	f5	big-ip_application_security_manager	< 17.1.3	Yes
Application	f5	big-ip_application_security_manager	≤ 17.5.1	Yes
Application	f5	big-ip_application_visibility_and_reporting	< 17.1.3	Yes
Application	f5	big-ip_application_visibility_and_reporting	≤ 17.5.1	Yes
Application	f5	big-ip_automation_toolchain	< 17.1.3	Yes
Application	f5	big-ip_automation_toolchain	≤ 17.5.1	Yes
Application	f5	big-ip_carrier-grade_nat	< 17.1.3	Yes
Application	f5	big-ip_carrier-grade_nat	≤ 17.5.1	Yes
Application	f5	big-ip_container_ingress_services	< 17.1.3	Yes
Application	f5	big-ip_container_ingress_services	≤ 17.5.1	Yes
Application	f5	big-ip_ddos_hybrid_defender	< 17.1.3	Yes
Application	f5	big-ip_ddos_hybrid_defender	≤ 17.5.1	Yes
Application	f5	big-ip_domain_name_system	< 17.1.3	Yes
Application	f5	big-ip_domain_name_system	≤ 17.5.1	Yes
Application	f5	big-ip_edge_gateway	< 17.1.3	Yes
Application	f5	big-ip_edge_gateway	≤ 17.5.1	Yes
Application	f5	big-ip_fraud_protection_service	< 17.1.3	Yes
Application	f5	big-ip_fraud_protection_service	≤ 17.5.1	Yes
Application	f5	big-ip_global_traffic_manager	< 17.1.3	Yes
Application	f5	big-ip_link_controller	< 17.1.3	Yes
Application	f5	big-ip_link_controller	≤ 17.5.1	Yes
Application	f5	big-ip_local_traffic_manager	< 17.1.3	Yes
Application	f5	big-ip_local_traffic_manager	≤ 17.5.1	Yes
Application	f5	big-ip_policy_enforcement_manager	< 17.1.3	Yes
Application	f5	big-ip_policy_enforcement_manager	≤ 17.5.1	Yes
Application	f5	big-ip_ssl_orchestrator	< 17.1.3	Yes
Application	f5	big-ip_ssl_orchestrator	≤ 17.5.1	Yes
Application	f5	big-ip_webaccelerator	< 17.1.3	Yes
Application	f5	big-ip_webaccelerator	≤ 17.5.1	Yes
Application	f5	big-ip_websafe	< 17.1.3	Yes
Application	f5	big-ip_websafe	≤ 17.5.1	Yes

References

https://my.f5.com/manage/s/article/K000156707 Vendor Advisory ([email protected])